CN108156160B - Connection establishment method and device - Google Patents
Connection establishment method and device Download PDFInfo
- Publication number
- CN108156160B CN108156160B CN201711441735.8A CN201711441735A CN108156160B CN 108156160 B CN108156160 B CN 108156160B CN 201711441735 A CN201711441735 A CN 201711441735A CN 108156160 B CN108156160 B CN 108156160B
- Authority
- CN
- China
- Prior art keywords
- domain name
- digital certificate
- name information
- ssl
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a connection establishing method and a device, which are applied to a server and comprise the following steps: when a digital certificate reference instruction aiming at a preset SSL strategy is detected, analyzing a digital certificate specified by the digital certificate reference instruction to acquire domain name information in the digital certificate; correspondingly storing the domain name information in the digital certificate and the SSL strategy; when a handshake request sent by a client is received, detecting whether the handshake request carries host information; if the handshake request carries host information, judging whether domain name information matched with the host information is stored; and if the domain name information matched with the host information is stored, establishing connection with the client based on an SSL strategy corresponding to the domain name information matched with the host information. According to the technical scheme, the consumed CPU resources can be reduced, and therefore the CPU performance of the server side can be improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a connection establishment method and apparatus.
Background
The sni (server Name indication) is part of the TLS (Transport Layer Security) extension protocol, allowing clients to provide their requested domain Name to the server. SNI is enabled in SSL (Secure Sockets Layer) version 3.0/TLS version 1.0.
In the related art, a TLS handshake request (i.e., a Client Hello packet) sent by a Client to a server carries domain name information requested by the Client. After receiving the handshake request, the server side firstly acquires the domain name information in the handshake request, and then analyzes the locally stored digital certificates one by one, so as to compare the domain name information in each digital certificate with the domain name information in the handshake request, thereby selecting the digital certificate of which the domain name information is the same as the domain name information in the handshake request as the server side certificate of the current TLS communication.
However, when the number of digital certificates stored in the server is large or the access request amount of the client is large, the server needs to analyze a large number of digital certificates by using the standard digital certificate structure specification every time TLS handshake, so that a large amount of CPU resources are consumed and the CPU performance of the server is greatly affected.
Disclosure of Invention
In view of this, the present application provides a connection establishing method and apparatus to solve the problem that the CPU performance of the server is affected in the related art.
Specifically, the method is realized through the following technical scheme:
in a first aspect, the present application provides a connection establishment method, where the method is applied to a server, and the method includes:
when a digital certificate reference instruction aiming at a preset SSL strategy is detected, analyzing a digital certificate specified by the digital certificate reference instruction to acquire domain name information in the digital certificate;
correspondingly storing the domain name information in the digital certificate and the SSL strategy;
when a handshake request sent by a client is received, detecting whether the handshake request carries host information;
if the handshake request carries host information, judging whether domain name information matched with the host information is stored;
and if the domain name information matched with the host information is stored, establishing connection with the client based on an SSL strategy corresponding to the domain name information matched with the host information.
In a second aspect, the present application provides a connection establishing apparatus, where the apparatus is applied to a server, and the apparatus includes:
the analysis unit is used for analyzing the digital certificate specified by the digital certificate reference instruction to acquire domain name information in the digital certificate when the digital certificate reference instruction aiming at a preset SSL strategy is detected;
the storage unit is used for correspondingly storing the domain name information in the digital certificate and the SSL strategy;
the device comprises a detection unit and a processing unit, wherein the detection unit is used for detecting whether a handshake request carries host information or not when the handshake request sent by a client is received;
the judging unit is used for judging whether domain name information matched with the host information is stored or not when the handshake request carries the host information;
and the first establishing unit is used for establishing connection with the client based on an SSL strategy corresponding to the domain name information matched with the host information when the domain name information matched with the host information is stored.
By analyzing the above technical solution, the server may analyze the stored digital certificate in advance to obtain the domain name information in the digital certificate, and correspondingly store the domain name information and the SSL policy referring to the digital certificate. When receiving a handshake request sent by a client, a subsequent server can directly match host information carried by the handshake request with stored domain name information, and when the matched domain name information is stored, establish connection with the client based on an SSL policy corresponding to the domain name information. Compared with the prior art, in the technical scheme of the application, the server does not need to analyze a large number of digital certificates by using the standard digital certificate structure specification every time when receiving the handshake request sent by the client, and only needs to match the host information carried by the handshake request with the domain name information obtained from the digital certificate in advance to determine the SSL strategy used by the communication, so that the consumed CPU resource can be reduced, and the CPU performance of the server can be improved.
Drawings
Fig. 1 is a flow chart illustrating a method for connection establishment according to an exemplary embodiment of the present application;
fig. 2 is a flow chart illustrating another connection establishment method according to an exemplary embodiment of the present application;
fig. 3 is a hardware structure diagram of a device where a connection establishment apparatus is located according to an exemplary embodiment of the present application;
fig. 4 is a block diagram of a connection establishment apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In order to solve the problem that the performance of a CPU of a server is affected in the related art, the application provides a connection establishing method and a connection establishing device so as to improve the performance of the CPU of the server and further improve the service processing capacity of the server.
Referring to fig. 1, a flowchart of a connection establishment method according to an exemplary embodiment of the present application is shown. The method can be applied to a server and comprises the following steps:
step 101: when a digital certificate reference instruction aiming at a preset SSL strategy is detected, a digital certificate specified by the digital certificate reference instruction is analyzed to obtain domain name information in the digital certificate.
Step 102: and correspondingly storing the domain name information in the digital certificate and the SSL strategy.
In this embodiment, the server may provide a user interface to the user, and the user may configure one or more SSL policies in advance through the user interface, and the server refers to the one or more SSL policies, that is, the SSL policies configured by the user are stored by the server. In addition, the user can configure one digital certificate for each SSL policy and the digital certificate is referred to by the server for the SSL policy. Specifically, the server may integrate the digital certificate into the SSL policy for storage, or store a corresponding relationship between the SSL policy and the digital certificate. Of course, in practical applications, it is usually necessary to configure a digital certificate for each SSL policy to ensure the normal use of each SSL policy.
When detecting a digital certificate reference instruction for a certain SSL policy from a user, the server may first parse a digital certificate specified by the digital certificate reference instruction (i.e., a digital certificate that is referred to by the user for the SSL policy), so as to obtain domain name information in the digital certificate.
Subsequently, after the server acquires the domain name information in the digital certificate, the server can correspondingly store the domain name information and the SSL policy.
Specifically, the server may directly integrate the domain name information into the SSL policy, and store the integrated SSL policy including the domain name information, so that the domain name information in the digital certificate and the SSL policy may be correspondingly stored.
Or, the server side can directly store the corresponding relationship between the domain name information and the SSL policy while storing the domain name information and the SSL policy, so that the domain name information in the digital certificate and the SSL policy can be stored correspondingly.
Step 103: when a handshake request sent by a client is received, whether the handshake request carries host information is detected.
Step 104: and if the handshake request carries host information, judging whether domain name information matched with the host information is stored.
Step 105: and if the domain name information matched with the host information is stored, establishing connection with the client based on an SSL strategy corresponding to the domain name information matched with the host information.
In this embodiment, when receiving a handshake request (i.e., a Client Hello packet) sent by a Client, a server may first detect whether the handshake request carries host information.
If the handshake request carries host information, the server may further determine whether domain name information matching the host information carried in the handshake request is stored.
Based on the above determination result, if the domain name information matched with the host information carried in the handshake request is stored, the server may establish connection with the client sending the handshake request based on the SSL policy corresponding to the domain name information matched with the host information carried in the handshake request. In practical applications, the server may establish a connection with the client sending the handshake request according to the SSL policy and the digital certificate referred by the SSL policy.
It should be noted that the user may configure a different digital certificate for each SSL policy, that is, the server refers to a different digital certificate for different SSL policies. In this way, there is only one SSL policy corresponding to the domain name information matched with the host information carried in the handshake request at most, that is, the server may directly establish a connection with the client that sends the handshake request based on the SSL policy corresponding to the domain name information matched with the host information carried in the handshake request. In another example, the user may also configure the same digital certificate for different SSL policies, that is, there may be multiple SSL policies corresponding to domain name information that matches the host information carried in the handshake request. In this case, the server may select to establish a connection with the client that sent the handshake request based on the SSL policy corresponding to the domain name information that is matched first in time.
Specifically, if in the foregoing step 102, the server integrates the domain name information into the SSL policy for storage, at this time, the server may match the host information carried in the handshake request with the domain name information in each stored SSL policy. If the domain name information matched with the host information carried in the handshake request is stored, the server can establish connection with the client sending the handshake request based on an SSL policy containing the domain name information matched with the host information carried in the handshake request.
On the other hand, if the corresponding relationship between the domain name information and the SSL policy is stored in the server in the foregoing step 102, at this time, the server may directly match the host information carried in the handshake request with each stored domain name information. If the domain name information matched with the host information carried in the handshake request is stored, the server can acquire the SSL policy corresponding to the domain name information matched with the host information carried in the handshake request according to the correspondence between the domain name information and the SSL policy, and then establish connection with the client sending the handshake request based on the SSL policy.
In practical application, host information carried in a handshake request sent by a client is usually domain name information. In this case, in the step 104, the server may directly determine whether the same domain name information as the host information carried in the handshake request is stored. If the same domain name information as the host information carried in the handshake request is stored, the server may determine that the domain name information matching the host information carried in the handshake request is stored, so that step 105 may be continuously performed.
In an optional embodiment, based on the determination result in the foregoing step 103, if the handshake request does not carry host information, the server may establish a connection with the client sending the handshake request based on a stored default SSL policy.
In another optional embodiment, based on the determination result in the foregoing step 104, if domain name information matched with the host information carried in the handshake request is not stored, the server may also establish a connection with the client sending the handshake request based on a stored default SSL policy.
It should be noted that the default SSL policy may be specified by the user among the plurality of SSL policies, or may be selected by the server according to a preset selection algorithm. For example, the server may determine the SSL policy saved first as the default SSL policy; or, after finishing the storage of all SSL policies, the server may randomly select one SSL policy and determine the selected SSL policy as the default SSL policy. Of course, if the user configures only one SSL policy, the server may directly determine the SSL policy as the default SSL policy.
As can be seen from the foregoing embodiment, the server may analyze the stored digital certificate in advance to obtain the domain name information in the digital certificate, and correspondingly store the domain name information and the SSL policy referring to the digital certificate. When receiving a handshake request sent by a client, a subsequent server can directly match host information carried by the handshake request with stored domain name information, and when the matched domain name information is stored, establish connection with the client based on an SSL policy corresponding to the domain name information. Compared with the prior art, in the technical scheme of the application, the server does not need to analyze a large number of digital certificates by using the standard digital certificate structure specification every time when receiving the handshake request sent by the client, and only needs to match the host information carried by the handshake request with the domain name information obtained from the digital certificate in advance to determine the SSL strategy used by the communication, so that the consumed CPU resource can be reduced, and the CPU performance of the server can be improved.
Referring to fig. 2, a flowchart of another connection establishment method according to an exemplary embodiment of the present application is shown. The method can be applied to a server and comprises the following steps:
step 201: when a digital certificate reference instruction aiming at a preset SSL strategy is detected, a digital certificate specified by the digital certificate reference instruction is analyzed to obtain domain name information in the digital certificate.
Step 202: and correspondingly storing the domain name information in the digital certificate and the SSL strategy.
Step 203: when a handshake request sent by a client is received, whether the handshake request carries host information is detected. If yes, go to step 204; otherwise, step 206 is performed.
Step 204: and judging whether the domain name information matched with the host information is stored. If so, go to step 205; otherwise, step 206 is performed.
Step 205: and establishing connection with the client based on the SSL strategy corresponding to the domain name information matched with the host information.
Step 206: and establishing connection with the client based on the stored default SSL strategy.
In this embodiment, the specific implementation method of each step may refer to the description in the embodiment shown in fig. 1, and is not described herein again.
Corresponding to the embodiment of the connection establishment method, the application also provides an embodiment of a connection establishment device.
The embodiment of the connection establishing device can be applied to the server. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. The software implementation is taken as an example, and is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for operation through the processor of the device where the software implementation is located as a logical means. From a hardware aspect, as shown in fig. 3, a hardware structure diagram of a service end where a connection establishment apparatus of the present application is located is shown, except for the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the service end where the apparatus is located in the embodiment may also include other hardware according to an actual function established by the connection, which is not described again.
Referring to fig. 4, a block diagram of a connection establishment apparatus according to an exemplary embodiment of the present application is shown. The apparatus 400 can be applied to the server shown in fig. 3, and includes:
the parsing unit 401 is configured to, when a digital certificate reference instruction for a preset SSL policy is detected, parse a digital certificate specified by the digital certificate reference instruction to obtain domain name information in the digital certificate;
a storing unit 402, configured to correspondingly store the domain name information in the digital certificate and the SSL policy;
a detecting unit 403, configured to detect whether a handshake request carries host information when the handshake request sent by a client is received;
a determining unit 404, configured to determine whether domain name information matched with host information is stored when the handshake request carries the host information;
a first establishing unit 405, configured to establish, when the domain name information matched with the host information is stored, a connection with the client based on an SSL policy corresponding to the domain name information matched with the host information.
In an alternative embodiment, the saving unit 402 may include:
the first storage subunit 4021 is configured to integrate domain name information in the digital certificate into the SSL policy for storage; or
A second saving subunit 4022, configured to save a correspondence between the domain name information in the digital certificate and the SSL policy.
In another optional embodiment, the host information is domain name information;
the judging unit 404 may include:
a determining subunit 4041, configured to determine whether domain name information that is the same as the host information is stored;
a determining subunit 4042, configured to determine that domain name information matching the host information is stored when the domain name information that is the same as the host information is stored.
In another alternative embodiment, the apparatus 400 may further include:
a second establishing unit 406, configured to establish a connection with the client based on a stored default SSL policy when the handshake request does not carry host information.
In another alternative embodiment, the apparatus 400 may further include:
a third establishing unit 407, configured to establish, when domain name information matching the host information is not stored, a connection with the client based on a stored default SSL policy.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (6)
1. A connection establishment method is applied to a server side and comprises the following steps:
when a digital certificate reference instruction aiming at a preset SSL strategy is detected, analyzing a digital certificate specified by the digital certificate reference instruction to acquire domain name information in the digital certificate; wherein the digital certificate specified by the digital certificate reference instruction comprises a digital certificate configured by a user for the preset SSL policy;
integrating the domain name information in the digital certificate into the SSL strategy for storage, or storing the corresponding relation between the domain name information in the digital certificate and the SSL strategy;
when a handshake request sent by a client is received, detecting whether the handshake request carries host information;
if the handshake request carries host information, judging whether domain name information matched with the host information is stored;
if the domain name information matched with the host information is stored, establishing connection with the client based on an SSL strategy corresponding to the domain name information matched with the host information; and if the domain name information matched with the host information is not stored, establishing connection with the client based on the stored default SSL strategy.
2. The method of claim 1, wherein the host information is domain name information;
the judging whether domain name information matched with the host information is stored includes:
judging whether domain name information identical to the host information is stored;
and if the domain name information which is the same as the host information is stored, determining that the domain name information which is matched with the host information is stored.
3. The method of claim 1, further comprising:
and if the handshake request does not carry host information, establishing connection with the client based on a stored default SSL strategy.
4. A connection establishing apparatus, wherein the apparatus is applied to a server, and the apparatus comprises:
the analysis unit is used for analyzing the digital certificate specified by the digital certificate reference instruction to acquire domain name information in the digital certificate when the digital certificate reference instruction aiming at a preset SSL strategy is detected; wherein the digital certificate specified by the digital certificate reference instruction comprises a digital certificate configured by a user for the preset SSL policy;
the storage unit is used for integrating the domain name information in the digital certificate into the SSL strategy for storage, or storing the corresponding relation between the domain name information in the digital certificate and the SSL strategy;
the device comprises a detection unit and a processing unit, wherein the detection unit is used for detecting whether a handshake request carries host information or not when the handshake request sent by a client is received;
the judging unit is used for judging whether domain name information matched with the host information is stored or not when the handshake request carries the host information;
the first establishing unit is used for establishing connection with the client based on an SSL strategy corresponding to the domain name information matched with the host information when the domain name information matched with the host information is stored;
and the third establishing unit is used for establishing connection with the client based on the stored default SSL strategy when the domain name information matched with the host information is not stored.
5. The apparatus of claim 4, wherein the host information is domain name information;
the judging unit includes:
a judging subunit, configured to judge whether domain name information identical to the host information is stored;
and the determining subunit is used for determining that the domain name information matched with the host information is stored when the domain name information identical to the host information is stored.
6. The apparatus of claim 4, further comprising:
and the second establishing unit is used for establishing connection with the client based on a stored default SSL strategy when the handshake request does not carry host information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711441735.8A CN108156160B (en) | 2017-12-27 | 2017-12-27 | Connection establishment method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711441735.8A CN108156160B (en) | 2017-12-27 | 2017-12-27 | Connection establishment method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108156160A CN108156160A (en) | 2018-06-12 |
| CN108156160B true CN108156160B (en) | 2021-05-28 |
Family
ID=62463109
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711441735.8A Active CN108156160B (en) | 2017-12-27 | 2017-12-27 | Connection establishment method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108156160B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110198297B (en) * | 2018-10-08 | 2022-02-22 | 腾讯科技(深圳)有限公司 | Flow data monitoring method and device, electronic equipment and computer readable medium |
| CN109413196A (en) * | 2018-11-13 | 2019-03-01 | 四川长虹电器股份有限公司 | A kind of method of intelligent Matching HTTPS access certificate |
| CN110830460B (en) * | 2019-10-25 | 2022-09-20 | 卓米私人有限公司 | Connection establishing method and device, electronic equipment and storage medium |
| CN112134889A (en) * | 2020-09-23 | 2020-12-25 | 北京天融信网络安全技术有限公司 | SSL-based communication method, device and system |
| CN114095415B (en) * | 2021-11-26 | 2024-05-07 | 山石网科通信技术股份有限公司 | Route determination method, device, gateway equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104967590A (en) * | 2014-09-18 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Method, apparatus and system for transmitting communication message |
| CN107231241A (en) * | 2016-03-24 | 2017-10-03 | 中国移动通信有限公司研究院 | Information processing method, gateway and verification platform |
| CN107241428A (en) * | 2017-06-30 | 2017-10-10 | 北京百度网讯科技有限公司 | A kind of method and apparatus that https is realized in the shared fictitious host computer based on container |
| CN107306251A (en) * | 2016-04-20 | 2017-10-31 | 中国移动通信有限公司研究院 | A kind of information authentication method and gateway device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8566580B2 (en) * | 2008-07-23 | 2013-10-22 | Finjan, Inc. | Splitting an SSL connection between gateways |
-
2017
- 2017-12-27 CN CN201711441735.8A patent/CN108156160B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104967590A (en) * | 2014-09-18 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Method, apparatus and system for transmitting communication message |
| CN107231241A (en) * | 2016-03-24 | 2017-10-03 | 中国移动通信有限公司研究院 | Information processing method, gateway and verification platform |
| CN107306251A (en) * | 2016-04-20 | 2017-10-31 | 中国移动通信有限公司研究院 | A kind of information authentication method and gateway device |
| CN107241428A (en) * | 2017-06-30 | 2017-10-10 | 北京百度网讯科技有限公司 | A kind of method and apparatus that https is realized in the shared fictitious host computer based on container |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108156160A (en) | 2018-06-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108156160B (en) | Connection establishment method and device | |
| US10027626B2 (en) | Method for providing authoritative application-based routing and an improved application firewall | |
| US20150326486A1 (en) | Application identification in records of network flows | |
| US20170171221A1 (en) | Real-time Scanning of IP Addresses | |
| JP2017016650A (en) | Method and system for detecting and identifying resource on computer network | |
| CN107294910B (en) | Login method and server | |
| US10205803B1 (en) | System for determining improper port configurations | |
| CN111224980A (en) | Detection method and device for denial of service attack, electronic equipment and medium | |
| CN110891056A (en) | HTTPS request authentication method and device, electronic equipment and storage medium | |
| CN107623916B (en) | Method and equipment for WiFi network security monitoring | |
| CN110166518B (en) | Session information transmission method, device, storage medium and electronic device | |
| CN111082996B (en) | Automatic configuration method, device and medium for in-band monitoring software | |
| CN109361712B (en) | Information processing method and information processing device | |
| CN107948022B (en) | Identification method and identification device for peer-to-peer network traffic | |
| CN111092867A (en) | SSH back door account detection method and device, electronic equipment and storage medium | |
| CN110677423A (en) | Data acquisition method and device based on client agent side and computer equipment | |
| CN114006955B (en) | Data processing method, device, equipment and readable storage medium | |
| CN106844073B (en) | Method for diagnosing application, diagnosis client and system | |
| CN113709136B (en) | Access request verification method and device | |
| CN107872493B (en) | Information processing method, terminal and server | |
| CN106803830B (en) | Method, device and system for identifying internet access terminal and User Identity Module (UIM) card | |
| US20160315959A1 (en) | Detecting unauthorized, risky, or inefficient usage of privileged credentials through analysis of remote shell protocol bandwidth | |
| US9178771B2 (en) | Determining the type of a network tier | |
| CN111107089A (en) | Method and device for protecting data transmission safety of Android system | |
| US20200344211A1 (en) | Device and method for securing a network connection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |